by Keith J. Jones, PhD | Jan 31, 2022 | Spicy
In this video, Keith Jones (Sr. Security Researcher, Corelight) introduces a simple Python program written to help you take your Zeek ASCII tab-delimited files and make them full-text searchable with Elasticsearch+Kibana (or OpenSearch, if you prefer). If you don’t...
by Keith J. Jones, PhD | Jan 31, 2022 | Spicy
In this video, Keith Jones (Sr. Security Researcher, Corelight) builds on a previous Zeek in Action video and shows how you can use spicy-driver to quickly debug (and improve!) the Radius code we built in that prior video. Link to Slides If you would like to follow...
by Keith J. Jones, PhD | Dec 3, 2021 | community, Spicy, Zeek in Action
In this Zeek in Action video, Keith Jones explains his Spicy protocol analyzer rapid development process on a new Radius analyzer. Of course Radius is in core Zeek, but it can be replaced with a Spicy Radius protocol analyzer. Keith used this development process on...
by Keith J. Jones, PhD | Jun 10, 2021 | Spicy
Introduction: In April 2021 Juniper Networks reported on a new Linux rootkit designed to steal SSH credentials from Linux servers. A month later Netlab 360 published a deeper analysis of the same rootkit, which they named “Facefish”. Both reports provide enough...
by Keith J. Jones, PhD | Apr 20, 2021 | community, Protocol Analyzer, Spicy
Introduction: I previously blogged about the Zeek OpenVPN Binpac and Spicy protocol analyzers, but that is only one quarter of the popular VPN protocols I see on networks I monitor. The four main VPN protocols, in increasing complexity, I’ve seen on networks I...